
Solarwinds123

The world has recently learned of the sophisticated supply-chain attack on FireEye by inserting malicious code in a software update for a tool called SolarWinds Orion. The operation may have started as early as mid-2020. The Orion system is used by the U.S. Treasury Department, Commerce Department, Department of Homeland Security, the Pentagon, the Navy and many others. And, even as I type this post, Tuesday evening December 15, the security firm GreyNoise Intelligence reports, “SolarWinds still has not removed the compromised Orion software updates from its distribution server.”

DHS’s Cybersecurity and Infrastructure Security Agency (CISA) purchased $45,000-worth of licenses for Solarwinds tools in 2019 while the U.S. Cyber Command spent over $12,000.

Solarwinds, in a legal filing yesterday, Monday, December 14, says malicious code was pushed to nearly 18,000 customers (that does not mean I am one customer and you are another. It means Microsoft Office 365, for example, is ONE customer.)

We can look to Microsoft to soon get an idea who, and how many, SolarWinds customers were really affected as Microsoft (according to a quick look at the Internet’s “Whois”) has taken control of the Domain (registered and managed by Go Daddy in Arizona) used to control the infected systems.

“Vinoth Kumar, a cybersecurity “bug hunter” who has earned cash bounties and recognition from multiple companies for reporting security flaws in their products and services, posted on Twitter that he notified SolarWinds in November 2019 that the company’s software download website was protected by a simple password that was published in the clear on SolarWinds’ code repository at Github.” – Krebs on Security.

A Tweet by Vinoth Kumar to Solarwinds in November 2020 warning Solarwinds of security flaws. In this case, their password which had been published among their files at Github.

I must say that I am shocked… SHOCKED that the (purportedly) Russian hackers were able to get through the sophisticated systems in place at Solarwinds, a company so advanced I have heard they did not even see the need for an internal chief of cybersecurity. I mean who at the Russian FSB, even tho they have some of the best cyber-hackers on the planet, would ever have thought to build code-busting software to break the heavy-duty security at Solarwinds?

Oh… wait a minute! The password was published amongst the public repository of Solarwinds files at Github. It was a masterful password most of us would have had to write on the back of our hands to remember: solarwinds123

I. could. not. make. this. s—. up.

(Anti-)Social Media Platforms & The Erosion of Democracy and Social Justice

(Or, why surveillance capitalism is bad for you and the world)

Part 1 of 3

“Social media, once an enabler, is now the destroyer, building division—‘us against them’ thinking— into the design of their platforms…. It’s time to end the whack-a-mole approach of the technology platforms to fix what they have broken,” – Rappler CEO Maria Ressa

“The past years have offered a wake-up call for those who needed it….Without explicit and enforceable safeguards, the technologies promised to advance democracy will prove to be the ones that undermine it. It is now vital that democracy is made more resilient,” – Marietje Schaake, former EU parliamentarian

Most people, historically, have been alarmed by intrusions of government and its spying into the lives of ordinary citizens. But, while our attentions have been fixated on this, we ‘dropped the ball’ on the far more invasive mining and use of personal data by the large companies we, all of us, have connections to, however deep and pervasive or fleeting and sporadic.

In 2014, based upon the rising amount of captured data large companies, led by “social media” companies, were beginning to harvest and utilize, Shoshana Zuboff coined the term “surveillance capitalism” to describe this mountain of personal data accumulating in staggering quantity each year. It is a business model predicated on harvesting the online user experience and then manipulating human behavior for monetization, that is, a basic move from processing internal to mining external data, a handy and lucrative convergence of enterprise and consumer IT. Now, many of these mega-companies generate more revenue and exercise more power than all but a handful of the world’s nations.

In 2016 the World Economic Forum (the group that meets in Davos every year) reported that of the world’s top 100 global economic entities, (measuring revenue, not GDP) 69 were corporations – meaning only 31 were countries. Here, in order, were the top 10 entries:

  • USA
  • P.R. China
  • Germany
  • Japan
  • France
  • United Kingdom
  • Italy
  • Brazil
  • Canada
  • Walmart

This list might strike the sobering thought that economic powerhouses like South Korea, Russia, Switzerland and others were, in fact, further down the list. The trend continues so that by 2018 157 of the top 200 world economic entities by revenue were corporations, not countries.

Here were the top 10 companies in 2016 with their world economic ranking by revenue in parenthesis:

  • Walmart (10)
  • State Grid (14) [a Chinese company]
  • China National Petroleum (15)
  • Sinopec Group (16)
  • Royal Dutch Shell (18)
  • Exxon Mobil (221)
  • Volkswagen (22)
  • Toyota Motor (23)
  • Apple (25)
  • BP (27)

Now, for a 2020 country update, using International Monetary Fund data: USA and China are still top dogs, Japan and Germany switched positions, India made an appearance at spot #5, UK and France swapped lanes, followed by the same three, Italy, Brazil, Canada, as in 2016. Rounding out the next ten countries – but not revenue generation when companies are tossed into the mix – are Russia, South Korea, Spain, Australia, Mexico, Indonesia, Netherlands, Saudi Arabia, Turkey and Switzerland.

Showing it is difficult to break into the top 20 countries is the fact that 17 of these top 20 were also on the list in 1980, that is, 40 years ago.

For a 2020 update on companies (from Fortune 500 data) we have:

  • Walmart
  • Sinopec Group
  • State Grid
  • China National Petroleum
  • Royal Dutch Shell
  • Saudi Aramco
  • Volkswagen
  • BP
  • Amazon.com
  • Toyota Motor

So why are these figures important? Ah… I am pleased you asked.

For one, it means that many sovereign nations cannot rein in companies engaging in bad behaviour within their borders – even if and when they have the desire. Chevron in the Peruvian Amazon comes to mind. Oil exploration is a dirty business and when little recoverable amounts are found there is still a mess to clean up – or not. In a place like the Amazon who is going to see the contamination other than indigenous locals?

But the issues I am getting to here are more about the so-called ‘social media’ giants, companies we used to think of as having a clean footprint.

In the early years of the internet revolution early adopters of the technology bought into services billed as connecting/informing us at the speed of the electron, prepping us for our lives in the 21st century. These services were, in the main, offered for free as companies, including newsrooms, tried to figure out how to monetize their products. The few ads we would see were bothersome but easy to ignore, especially as they lacked personal focus and sophisticated tracking technology. It reminds me of the early hype of the energy companies with their mascot Reddy Kilowatt and the 1954 statement of Lewis Strauss, then chairman of the United States Atomic Energy Commission, with his alluring, sloganeering promise to the National Association of Science Writers: “electrical energy too cheap to meter!” – a good example of what we now know as “overpromising & underdelivering.”

Reddy Kilowatt, © Reddy Kilowatt, Inc.

In less than twenty years internet coding wizards have made stratospheric leaps and small startups have combined, morphed and advanced into extremely sophisticated entities. At the same time we have come to recognize there is a dark underbelly bolstering the magical kingdom of all-connection, all-the-time. A 24/7 existence, like so much of life’s general intrusions, is a two-edged sword.

I think of surveillance capitalism as a natural outgrowth of a technology and life forewarned in 1956 by the brilliant, if troubled, science fiction writer Philip K. Dick. In his novella (made famous by the Spielberg movie) “The Minority Report” three mutants foresee a person’s propensity for committing a ‘future crime’. Their prescience determines the future and freedom, or lack thereof, of ordinary citizens based upon criminal actions before they happen. In the same way, surveillance capitalism attempts to predict our future voting, movie-going, book-reading, food shopping, sexual preference… well… all behavior and, subsequently, influence that behavior in a semi-predictable manner, that is, move us toward a specific purchase.

If not a purchase exactly, then other economic considerations come into play. A good example is the selling of ‘spit’ data from the genealogical work performed by the company 23 & Me, a noted seller of DNA info to ‘third parties’. They caused a minor tremor in 2018 when they announced the sharing of consumers’ anonymized genetic data with pharmaceutical giant GlaxoSmithKline. Sharing is, of course, a euphemism for ‘selling’; in this case GSK shared $300-million. While it is hopeful that people with inheritable genetic diseases may well benefit from this deal in the form of future medicines, data security is never distant from my mind, especially as data security is, it appears, never in all ways, secure all the time. Do you really want your health insurance company (who has always been a gatherer of data that could be used in health/mortality actuarial practice) rescinding your coverage because you have a 35% chance of getting motor neuron disease or some other ailment?

Two years ago I was sitting with a friend talking about his new Maserati. An hour later an ad for Maserati popped up on my mobile phone browser during a search for something totally unrelated to cars. That is when I discovered that Google has a division with a huge number of employees developing, listening in and then tweaking their speech and voice components for their algorithms. Turn off your microphones! Siri and Alexa are you listening? (Being highly open to suggestion, I inquired as to whether Google was assisting with monthly car payments but received no answer.)

So, how is all this related to Democracy and Social Justice?

Commercial connections have forever had tentacles entwined with, and embedded into, governmental components. While governments are often slow on the uptake of the new (and, to grant and uphold citizen rights) their bureaucratic nature and love of big data do eventually move the organs of governance to utilize the lessons of commerce. This learning often first makes an appearance to ‘improve’ focus on the big picture of where ‘trouble’ among the rank and file may begin, never mind the trouble may only be citizens engaging in their constitutionally guaranteed rights of assembly and protest.

But, before we go into more detail here let’s sidestep and read a little about the

Big Picture & Big Data

That big picture is assisted by ‘big data’, a term coined in a 1997 scientific paper by NASA. ‘Big data’ is, by definition, unwieldy. It is defined by Wikipedia (even before the Oxford English Dictionary added it to their list) as “an all-encompassing term for any collection of data sets so large and complex that it becomes difficult to process using on-hand data management tools or traditional data processing applications.”

There is a pervasive belief that it is true the more data one accumulates the more answers one has available; that is, quantity is in itself a necessary and sufficient parameter for accurate research. But AnnaLee Saxenian, dean of the UC Berkeley School of Information, one of the leading lights in data and its management, writes that, “We want students and consumers of our research to understand that volume isn’t sufficient to getting good answers… [the] School challenges students in the online Master of Information and Data Science program to approach data with intentionality, beginning with the way they talk about data. They learn to dig deeper by asking basic questions: Where does the data come from? How was it collected and was the process ethical? What kinds of questions can this data set answer, and which can it not?… We run the risk of forgetting why we collect data in the first place: to make our world better through granular details,… The way we talk about data matters, because it shapes the way we think about data. And the ways we apply, fund, and support data today will shape the future of our society.”

The school says this process is part of ‘data science’. A more useful shorthand than big data, the words imply a rigorous approach to analytics and data mining. This view espouses that, “a data set is not so much a painting to be admired but a window to be utilized; scientists use data to see the world and our society’s problems more clearly.”

Another definition of big data, from the McKinsey Global Institute, is “datasets whose size is beyond the ability of typical database software tools to capture, store, manage, and analyze.” This has been tackled in the past two decades by trimming big data down to size. Data scientists have created new tools for collecting, storing, and analyzing these vast amounts of information. “In some sense, the ‘big’ part has become less compelling,” according to Berkeley’s Saxenian.

A Quick Lesson in Data Volumes: The volume of data in a single file or file system can be described by a unit called a byte. However, data volumes can become very large when dealing with, say, Earth satellite data. Below is a table to explain data volume units (credit Roy Williams, Center for Advanced Computing Research at the California Institute of Technology).

  • Kilo- means 1,000; a Kilobyte is one thousand bytes.
  • Mega- means 1,000,000; a Megabyte is a million bytes.
  • Giga- means 1,000,000,000; a Gigabyte is a billion bytes.
  • Tera- means 1,000,000,000,000; a Terabyte is a trillion bytes.
  • Peta- means 1,000,000,000,000,000; a Petabyte is 1,000 Terabytes.
  • Exa- means 1,000,000,000,000,000,000; an Exabyte is 1,000 Petabytes.
  • Zetta- means 1,000,000,000,000,000,000,000; a Zettabyte is 1,000 Exabytes.
  • Yotta- means 1,000,000,000,000,000,000,000,000; a Yottabyte is 1,000 Zettabytes

We will return to this later in a discussion of social media algorithms.

Governments have always been nervous about protest of any kind. The validity of such jitters was brought home with the ability of mass movements’ non-violent action in bringing down governments of Warsaw Pact countries and the Soviet Union itself, felling them like phantom dominoes in Southeast Asia. Similar events shook the Islamic countries with the ‘Arab Spring’ uprisings.

Governments like using a scattershot approach to try and corral the proverbial needle in a haystack. Certainly we all want the authorities to catch terrorists seeking to do our country harm. But, is a record of all the telephone calls in the country, in real time, going to assist that endeavor? The ubiquitous use of cellular communications lends itself to lax control even for bad actors. So, as listening to U.S. citizens’ phone calls without a judge’s warrant is illegal, perhaps simply getting a list of all the outgoing and incoming numbers being called by people in the U.S., and the duration of the calls, might be helpful? It is that word ‘might’ that bothers me. I’ve no problem with law enforcement requesting and receiving records after an arrest, or the request for a wiretap with probable cause, but the uncontrolled amassing of the 3Vs (volume, variety, velocity – see graph, below) is troubling. A few years ago I was happy to read that when the administration wanted to monitor the mobile phone records of everyone in the United States all the big companies, except for my carrier, T-Mobile, rolled over without requiring probable cause warrants or even administrative subpoenas.

The 3Vs of Big Data. Berkeley School of Information.

END of Part 1.

Part 2 tomorrow!

Today’s Birthday: Benjamin Banneker – An 11th Generation Ancestor

A manuscript page from Benjamin Banneker's almanac (courtesy American Antiquarian Society)

On this day in 1731 Benjamin Banneker (died 19 October 1806), free African-American man of science, author, surveyor and grandson of Bannaka, an African prince, was born in Baltimore County, Maryland. He produced commercially successful almanacs in the 1790s, and his knowledge of astronomy helped him be a part of Andrew Ellicott’s team that Thomas Jefferson ordered to survey land for the young nation’s capital city, Washington, DC.

Banneker, an older contemporary of my 6th generation grandfather, Bazil Norman (who fought in six military campaigns of the American Revolution) never married or had children. But, I am an 11th generation descendant of his sister Jemima. (In 11 generations of Banneker descendants the long-lived Normans only had 6; we marry late and, usually, live long!)

And Jemima begat Meslach who begat Mary who begat Sophia who begat Mary Elizabeth who begat George who begat James ‘Blind Jim’ who begat Mary ‘Polly’ who begat William Franklin who begat my father who begat ME!

Alas, on the day of Banneker’s funeral his cabin burned to the ground destroying almost all his papers and belongings. One journal and some rescued furniture were kept until recently by the Ellicott family, descendants of those original DC surveyors and also founders of Ellicott City, Maryland. A few items are at The Maryland Historical Society tho a Virginia collector bought most of the extant material at a 1996 auction.

I make a valiant attempt to honor my great-grandmother Mary Polly’s dictum written on the sheet of paper holding her portrait: “If you don’t remember us grandchild. Who Will?” Polly was Jemima Banneker’s 8th generation granddaughter.

Mary Polly Norris-Norman (1 May 1844 - 12 March 1941)

Photo Credits: a page from Benjamin Banneker’s journal (courtesy American Antiquarian Society) and Mary Polly Norris-Norman (1 May 1844 – 12 March 1941) (courtesy Norman Family Archive).

Vote… AS… IF… YOUR… LIFE… DEPENDED ON IT!

On this National Voter Registration Day let’s register, if we are not already, and think about the people and things we all love.

NOTE: there is audio with this incredible, zillion photos, 1 minute video from my friends at AVAAZ.

https://secure.avaaz.org/imagine1minute?emailid=17626127477

27 April 2014: World Pinhole Photography Day

“Mauerblicke looking West” - image made with pinhole camera through a hole in the Berlin Wall, Germany

Sunday, April 27 is World Pinhole Photography Day. And, here in northern New Mexico, we are fortunate to have the world’s largest collection of pinhole photography and its associated paraphernalia.

In honor of the annual event the New Mexico History Museum is hosting Poetics of Light, an exhibition of the collection’s images from pinhole enthusiasts around the world.  Poetics of Light will open on the celebratory Day itself and run for about eleven months. (http://www.nmhistorymuseum.org/pinhole/)

The collection of 6000 photographs, 200 cameras and 200 books is the result of the generosity of Eric Renner and Nancy Spencer, Co-Directors of Pinhole Resource.  Both artists’ pinhole and zone plate photographs can be viewed on their sites at:

http://nancyspencerphoto.com/home.html
http://ericrennerphoto.com/home.html

There are many web sites providing directions for making your own pinhole camera.  Or, you can buy a camera for as little as $10 or as much as several hundred.  Check out both directions and ready-mades on the internet.

Herewith, a couple of samples (courtesy of the New Mexico History Museum) to whet your appetite for pinhole photography – and remember to get out there and create your own images this Sunday!

 

Starfish in Tidal Pool

Trash Talk, Literally

City of London Tracked Mobiles/Cells Via Wi-Fi Trash Bins

How can the public stay ahead of Big Brother when there are so many ways to keep tabs on citizenry? In what has to rank as one of the most creative methods, the City of London has been able to track Wi-Fi enabled devices that pass within proximity of 12 of the 100 “bomb-proof” recycle bins installed just before the 2012 Olympics. One might have guessed these bins were capable of more sophisticated uses as they sport internet-enabled displays. The 12 sleuth bins were “developed by… “Presence Aware” which markets the technology as providing ‘a cookie for the real world.’” Once again commerce and the security state intersect.

Quartz first broke this story and here, four hours ago, recounted its supposed withdrawal, complete with maps.

GALEX Space Observatory Shut Down

Cygnus Loop - photo from NASA

NASA Budget Constraints Kill 10-Year Old Successful Program

The only UV camera in space was de-commissioned at the end of June so its funding could be used for other NASA departments. While the ending of this mission was scheduled, it is highly disappointing that a still functioning observatory that provided much deep-space data has had its plug pulled. All the more shameful considering the many wasteful federal programs that ought to be axed instead.

Unlike visible light telescopes GALEX (Galaxy Evolution Explorer) scanned our universe in the ultraviolet spectrum viewing both the birth and death of stars thereby telling us much about their creation.

NASA has a site showing some of the amazing images captured by GALEX.

The above image is Cygnus Loop nebula, the debris from a star that died thousands of years ago. The image is ultraviolet light emitted from the expanding tendrils of hot gas that was the star.

Cell on Ice

A mobile mojito.


Snowden shaken, but has not stirred.

I read somewhere last week that Edward Snowden, the flighty ex-NSA contractor, asked visitors to his Hong Kong apartment to put their mobile phones in his refrigerator. He was attempting to block the GPS signature of their devices in case they were being monitored to determine his whereabouts. What he was trying to do, in effect, was use his fridge as a Faraday cage*.

As is my nature, I was skeptical whether this would actually work. A fridge, it seemed to me, could just as easily be an enhancer of cell signals – a giant antenna what with all that metal and significant gaps for the rubber gaskets. So, being of a scientific bent of mind I tried an experiment. I placed my Samsung mobile in a large Samsung metal-clad refrigerator and dialed it. Voila! The in-coming ring could be heard, connecting quicker than it normally does! So much for the rocket-science of a former NSA guy. (Could there be communication channels between all Samsung products? I’ll test another fridge when I get a chance.)

Not content to stop there I then put my mobile in the microwave. This common household appliance is manufactured with one of its express purposes being the blocking of … yes, yes, you’re getting warmer: microwaves! Try as I might, I could not receive a cell signal in this most useful of modern fixtures.

As an addendum, if you are the James Bond type, I have heard that an all-steel martini shaker works to block signals, too. My phone is too large to fit in the shaker at hand to test this hypothesis. And besides, it’s filled with mojitos!

***********

* A Faraday cage, or shield, is named for the English scientist Michael Faraday (1791–1867). It is a solid or mesh enclosure that blocks most external electro-magnetic fields. Mesh will work as long as its openings are smaller than the radiating wavelength.